Sign-up

ID

VAR-201901-0388


CVE

CVE-2016-7576


TITLE

iOS Memory corruption vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-009303

DESCRIPTION

In iOS before 9.3.3, a memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. GasGauge is one of the battery fuel gauge components. A security vulnerability exists in the GasGauge component of Apple iOS prior to 9.3.3. An attacker could exploit this vulnerability with a malicious application to execute arbitrary code with kernel privileges (kernel corruption)

Trust: 1.71

sources: NVD: CVE-2016-7576 // JVNDB: JVNDB-2016-009303 // VULHUB: VHN-96396

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:ltversion:9.3.3

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:9.1

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:9.0.2

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:9.0

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:9.3.1

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:9.3

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:9.2.1

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:9.0.1

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:8.4.1

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:9.3.2

Trust: 0.6

vendor:applemodel:iphone osscope:eqversion:9.2

Trust: 0.6

sources: CNNVD: CNNVD-201901-383 // NVD: CVE-2016-7576

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-7576
value: HIGH

Trust: 1.0

NVD: CVE-2016-7576
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201901-383
value: CRITICAL

Trust: 0.6

VULHUB: VHN-96396
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-7576
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-96396
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-7576
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-96396 // JVNDB: JVNDB-2016-009303 // CNNVD: CNNVD-201901-383 // NVD: CVE-2016-7576

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-96396 // JVNDB: JVNDB-2016-009303 // NVD: CVE-2016-7576

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-383

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201901-383

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-009303

PATCH
title:HT206902url:https://support.apple.com/en-us/HT206902
Trust: 0.8
title:HT206902url:https://support.apple.com/ja-jp/HT206902
Trust: 0.8
title:Apple iOS GasGauge Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88547
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2016-009303 // 
            
            
            
            CNNVD: CNNVD-201901-383

EXTERNAL IDS
db:NVDid:CVE-2016-7576
Trust: 2.5
db:JVNid:JVNVU99446427
Trust: 0.8
db:JVNDBid:JVNDB-2016-009303
Trust: 0.8
db:CNNVDid:CNNVD-201901-383
Trust: 0.7
db:VULHUBid:VHN-96396
Trust: 0.1
sources:
            
            
            VULHUB: VHN-96396 // 
            
            
            
            JVNDB: JVNDB-2016-009303 // 
            
            
            
            CNNVD: CNNVD-201901-383 // 
            
            
            
            NVD: CVE-2016-7576

REFERENCES
url:https://support.apple.com/ht206902
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7576
Trust: 0.8
url:http://jvn.jp/vu/jvnvu99446427/index.html
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2016-7576
Trust: 0.8
sources:
            
            
            VULHUB: VHN-96396 // 
            
            
            
            JVNDB: JVNDB-2016-009303 // 
            
            
            
            CNNVD: CNNVD-201901-383 // 
            
            
            
            NVD: CVE-2016-7576

SOURCES
db:VULHUBid:VHN-96396
db:JVNDBid:JVNDB-2016-009303
db:CNNVDid:CNNVD-201901-383
db:NVDid:CVE-2016-7576

LAST UPDATE DATE
2024-11-23T20:11:01.029000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-96396date:2019-01-17T00:00:00
db:JVNDBid:JVNDB-2016-009303date:2019-02-26T00:00:00
db:CNNVDid:CNNVD-201901-383date:2019-01-14T00:00:00
db:NVDid:CVE-2016-7576date:2024-11-21T02:58:14.313

SOURCES RELEASE DATE
db:VULHUBid:VHN-96396date:2019-01-11T00:00:00
db:JVNDBid:JVNDB-2016-009303date:2019-02-26T00:00:00
db:CNNVDid:CNNVD-201901-383date:2019-01-14T00:00:00
db:NVDid:CVE-2016-7576date:2019-01-11T18:29:00.517